Gotham Security Daily Threat Alerts

May 29, Softpedia – (International) Non-sophisticated malware steals thousands of credentials from targeted SMBs. Security researchers from Kaspersky discovered a large malware campaign, dubbed Grabit that has infiltrated small and medium businesses worldwide across a variety of sectors with a commercial keylogger called HawkEye and several remote administration tools (RATs) distributed via emails containing malicious macro-laden Microsoft Word documents. The researchers reported that the campaign has collected about 10,000 files from the U.S., India, and Thailand since February. Source

May 29, Threatpost – (International) Angler Exploit Kit exploiting new Adobe vulnerability, dropping CryptoWall 3.0. A security researcher at SANS Internet Storm Center discovered variants of the Angler Exploit Kit (EK) dropping CryptoWall ransomware on affected machines for the first time, and security researchers at FireEye observed that the EK added a recent Adobe Flash Player vulnerability in which attackers could exploit a race condition in its shader class to execute arbitrary code. Source

May 29, Security Week – (International) Sally Beauty: Cybercriminals planted malware on PoS Systems for 6 weeks. Sally Beauty announced May 28 that cybercriminals had deployed malware on multiple company point-of-sale (PoS) systems between March and April, and that it had cleaned the malware from all affected systems. The company believes attackers accessed names, credit and debit card numbers, expiration dates, cardholder verification values, and service codes in the breach. Source